A vulnerability was identified in the popular video-sharing app Ticcott, which found users scattered personal information from their profiles, including their phone numbers and profile settings, security researchers at cyber security firm Check Point said on Tuesday. The researchers said the information could be used to manipulate users’ account details and to build a database of TickTalk users for malicious activity.
Flaws in the app’s Find Friends feature also exposed users’ nicknames, profile and avatar pictures, and unique user IDs, Check Point said. There is no evidence that the vulnerability was ever exploited, and the defect is reportedly patched.
Check Point spokesman Ikram Ahmed said in a statement, “An attacker with that range of sensitive information can commit a number of dangerous activities, such as spear phishing or other criminal actions.” “Our message for Tiktok users is bare minimum sharing when it comes to your personal data.”
Tiktok described security and privacy as his top priority in his community and thanked Check Point for bringing vulnerability to its attention.
A spokesperson for Tikotok said in a statement, “We continue to continuously strengthen our internal capabilities, such as by investing in automation defense and by working with third parties.”
Tiktok, which operates outside of China, but is owned by Chinese tech company ByteDance, has gone into its share of controversy to protect user data. A user from California sued the company in 2019, alleging that she shares user data with the Chinese government. After the US military initially used the service for recruitment, members of the service on government phones were banned from using the app.
This is also not the first TikTok vulnerability discovered by TikTok. Earlier this month, researchers at the firmThe door opened to a series of attacks on users, including sending legitimate-looking text messages with links to malicious software and manipulating videos stored on the service.